Proposed law won't slow encryption use, some experts say

By William Jackson

Apr 14, 2003

SAN FRANCISCO - Proposed legislation that would add a significant stretch of prison time for people who use cryptography in the commission of a crime could have a chilling effect on the technology, some privacy advocates fear.

But officials of RSA Security Inc. of Bedford, Mass., say it already is too late to slow down the use of strong encryption for digital communication - the genie is out of the bottle.

"I don't know how you could go back," said Brett Michaels, director of RSA's government sales. Encryption is too tightly integrated with too many applications essential for e-government and e-commerce to eliminate or restrict, he said.

Draft legislation for Patriot II, a follow-on to the USA Patriot Act reportedly under consideration in the Justice Department, has been discussed at a number of recent IT and security conferences, including this week's RSA Security Conference here. The bill would call for increased prison time for people convicted of a felony if they knowingly used cryptography in committing the crime. It could add up to five years for a first offense and up to 10 years for subsequent crimes.

RSA was in the front lines of the crypto-wars of the last decade, in which a rapidly evolving cryptography industry confronted government restrictions on development and exportation of the technology in the name of national security and law enforcement.

Industry and privacy advocates won out in 1999 when export restrictions were largely dropped and government gave up its grip on sophisticated cryptography. In the end it was economics, not philosophy, that decided the battle, said John Worrall, RSA vice president of worldwide marketing.

"It came down to a market economy," Worrall said. U.S. export policy was locking American companies out of the worldwide market for security and privacy technology.

Since then, the government has turned to the private sector and academic world in selecting its newest Advanced Encryption Standard algorithm, the standard for federal use. But some fear that Patriot II would herald a return to tension between government and industry.

Worrall disagrees. "Nobody is going back and saying encryption can't be used," he said. "If it stops at that, I don't think we're on a slippery slope. I think that door has been closed."

Michaels said the argument over stricter sentencing is not the same as the original argument over whether cryptography should be in private hands.

"The issue of what happens in the commission of a crime is another issue altogether," he said. "The demand for e-business and e-government is so strong I don't believe there will be any chilling effect."